RE: [FW1] Open ports on Firewall

[Todd Cravens <TCrave@FW1-NOSPAMwoodward.com>]

That's not completely accurate.  There are the implied rules that are setup in the Policy Properties.  Check those settings (on 4.1SP3, default control channels for management are opened) or set your view to show implied rules.  Then take the time to run a complete nmap scan (ports 1-65535) against all interfaces of your firewall.  The nmap scan will take a long time (1-10 hours), but it's better to know what is happening than to not know.

-----Original Message-----
From: Dan Guinn [mailto:dguinn@nsci.net]
Sent: Thursday, March 15, 2001 9:27 AM
To: 'Gunjan @ chat4help'; fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] Open ports on Firewall

If you have your rulebase configured with a "catch-all" rule at the end, then only the ports you specifically allow in your rulebase, and those defined in your properties (ICMP, DNS, etc.) are open.

 

Dan Guinn

NetStar Communications

-----Original Message-----
From: Gunjan @ chat4help [mailto:gmathur@chat4help.com]
Sent: Thursday, March 15, 2001 9:14 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Open ports on Firewall

Hi,

Is there any way through which we can find out what all ports are open on firewall. Like if Database server is behind the firewall then can we cahek wether port for DB service is open or not.

 

I already tried nmap to do that, it shows port open on FW m/c but that does not reflect that gave us access to DB server.

 

 

 

Thanks